Unbricking/hacking the iPhone

I was asked for help with someone's iPhone recently. It is amazing how many guides are out there, and nearly all of them have very specific instructions on what to do. If you don't fit into their ideal situation, then you need to figure it out yourself.

Because I’ve spent a lot of time figuring it out, I thought that I would share a meta-guide to these guides and some advice in troubleshooting.

First, I started with a phone that was jailbroken and upgraded to iPhone firmware 1.1.2. My friend wanted to use his phone with a carrier other than AT&T, so it needed to be carrier unlocked. Unlocking is sometimes problematic on firmware 1.1.2, so in this case that required downgrading the firmware to one that would allow unlocking.

I’m not sure what exactly was the problem with the phone in the first place, but it was unstable. I had to fix that problem first.

Another one of the problems was that I didn't have an authorized SIM card to activate the phone. Through experimentation, I was able to determine that you can use any SIM that you happen to have lying around and use the hacktivate method to associate to a wifi network to get to the jailbreak website. Hacktivation does not work without a SIM card in place. After I put in a deactivated SIM, it was happy to please me.

So if you have been able to hacktivate your phone after upgrading to firmware 1.1.2 to correct whatever previous problem existed, then you need to downgrade the phone to firmware version 1.1.1 using iTunes, then jailbreak it, then perhaps more. If you have an upgraded iPhone (one that was not firmware 1.1.2 out of the box) and it has been prepared in this way, with firmware 1.1.1, jailbroken, and with AnySIM 1.2.1u installed, you should be ready to run AnySIM and enjoy your unlocked iPhone.

Sounds complicated? That would be because it is.

So why are OOB (Out Of Box, as forums like to abbreviate it) iPhones unable to be upgraded? It has to do with the bootloader.

The version of the bootloader on this particular phone appears to be 3.09. In my research, I read discussions indicating that most solutions to this bootloader problem require hardcore nerdosity and are temperamental. Alternatively, you can use a hardware tool like TurboSIM by the Czech company Bladox.

So if you were thinking about being some ebay superstar buying up iPhones and selling them for tons of money, you should realize:

  • It is a moving target
  • It is highly technical and inconsistent
  • Reliable methods may require a hardware investment
  • Most people will think you’re a jerk for charging a lot of money for a phone with a voided warranty.

You’ll be a complicated man and no one will understand you but your woman.

If you think you can handle it, you may be able to make a lot of dough selling unlocked iPhones, as the international demand is completely irrational and out of hand. With unlocked iPhones being sold in Europe for $800 to €1400, there is a huge margin for profit considering how weak the US Dollar currently is when compared to other nations' currencies. Accepting payment may be a challenge, but picking between Google Checkout, Paypal, and E-Gold should allow a degree of safety without excessive cost.

So, that being said, let's give a list of useful links:

iNdependence: The OSX iPhone manipulation application that makes many of the other methods user friendly. The site is complete with a wiki and FAQ.

iBrickr: A bit more kludgish equivalent for Windows.

iPhone Status Ticker: A Google-hosted document that is frequently maintained outlining what methods are functional for different versions of the iPhone.

Hackintosh Guide to TurboSIM: This should answer many of your questions about what TurboSIM is and how it is used. A TurboSIM irc channel. Unlocking OOB 1.1.2 with TurboSIM.

Jailbreakme 1.1.2 instructions: No pretty pictures, but this is the source of information for most of the howtos with pretty pictures.

The “ultimate” unlocking guide for 1.1.2: Pretty pictures included, but remember that only upgraded phones can use this method. It basically boils down to the following:

  • Restore to 1.1.2
  • Restore to 1.1.1
  • Jailbreakme.com
  • Ok2Prep
  • Upgrade to 1.1.2
  • Jailbreak with jailbreak.jar
  • Install anysim 1.2u
  • Turn on Airplane mode
  • Change Auto Lock to Never
  • Run Anysim

The activation of Airplane mode is an odd step and key to the process. There is also some confusion about whether unlocking should be performed at firmware 1.1.1 or at firmware 1.1.2 after the upgrade, so your mileage may vary.

iPhone Elite: A pretty hardcore resource for baseband downgrading, virginizing, and unlocking. Most, if not all, of it has been incorporated into iNdependence. They can be found on irc here.

iPhuc: The tool you can't mention in polite company. Multiplatform sources are available and may have to be used if you are not getting what you need from iNdependence or iBrickr.

An example of downgrading firmware: Use of the option key is... well... key. Also good to know is that seeing “error 1015” is a sign of success.

A tale of 1.1.2 unlocking: This guy sounds like he has had an interesting journey, like I have, with his iPhone experience.

Another tale: Repeated downgrading, jailbreaking, upgrading, and mentions in bold of things not to do. 40+ pages of dumb questions follow.

Unlocking Resources: These include another repository to add to Installer.app on jailbroken phones. Should be especially helpful if an unlock was unsuccessful and you want to virginize the phone and try again.

You'll notice that I only mention free software solutions. This is intentional. The free software is usually better, is updated faster, and is usually stolen and rebranded by profiteers anyway.

If you get any strange error codes, throw them into a websearch. Usually it just means that you need to reboot your phone and try again.

One last note: something that confused me for a long time was a lack of free space on the iPhone, which was hampering my troubleshooting. I found this referenced here. It was an “ah-ha!” moment.

I hope this has been interesting and saved you some time in investigating your hacking options for the iPhone. I think I’ve had about enough for a little while :)


Software liability

Another perennial topic that seems to come up whenever I am speaking to someone who is a consumer of technology. If they are one of the people that I actually bore with some of the details about what I do, it isn’t uncommon for me to talk about their individual concerns about internet security and identity theft.

Usually what they express to me is how they feel they have to be internet security experts to feel comfortable using the typical consumer computer configuration and going on to the internet to do anything. They feel that the industry has failed them in that no real concern is given to safety in products, but the focus is on selling the Next Great Innovative Feature Packed Product.

When industry experts get together, they tend to talk around the real issue and blamestorm about who should be left holding the bag. Usually, and strangely to me, these are the same people, or those next downstream from those people, to whom they are selling their products. Blaming their customers for buying their products? Interesting thinking there.

Therefore, as I've stated elsewhere, I have found it encouraging that the House of Lords published a report on personal internet security which they preface with the following:

The Government have insisted in evidence to this inquiry that the responsibility for personal Internet security ultimately rests with the individual. This is no longer realistic, and compounds the perception that the Internet is a lawless “wild west”. It is clear to us that many organisations with a stake in the Internet could do more to promote personal Internet security: the manufacturers of hardware and software; retailers; Internet Service Providers; businesses, such as banks, that operate online; the police and the criminal justice system.

We believe as a general principle that well-targeted incentives are more likely to yield results in such a dynamic industry than formal regulation. However, if incentives are to be effective, they may in some cases need to be backed up by the possibility of direct regulation. Also, there are some areas, such as policing, where direct Government action is needed. So Government leadership across the board is required. Our recommendations urge the Government, through a flexible mix of incentives, regulation, and direct investment, to galvanise the key stakeholders.

There is also an interesting method of encouraging public discourse on the subject and one of the advisors to the council has a commentary about the whole process.

Interesting talk here, but there is a large degree of opposition. After all, it is features that sell software and not safety or quality; it is utility. When bad things happen, it is blamestorming and not pragmatism that prevails.

At least, that is how it has been until recently. Many people I know use the TJX breach as a case study for the PCI industry. Certainly it is interesting for a variety of reasons and has more than enough blame for each party involved.

Because of the invisibility of the problem, caused by the reluctance of private firms to report on breaches unless they are caught and by the technical adversaries' aversion to attention, it is hard to address the problem for lack of quality data. This has every indication of changing in the future if California's example is made federal.

For the most part, the feds in the USA are out to lunch and ineffective:

Limited resources. Current and former agents contend there are too few federal cyberinvestigators, and that too little is done to retain detectives with advanced technical training. Budget numbers appear to support the critics’ complaints.

Fractured responsibility. A half-dozen federal agencies fight organized Internet crime with overlapping programs, and at times are barred from sharing information. One private security consultant described having to act as a go-between, linking information between two agencies unable to talk directly.

An unfamiliar threat. Traditional crime-fighting techniques are often useless. And there are indications that top government officials still do not appreciate the scope or danger of the Internet fraud menace.

The great freedom that companies have with selling and sharing customer information and the limited and largely ineffective ability for those consumers to opt out of their practices is, in my opinion, one of the largest reasons for the identity theft epidemic.

Symantec and commercial spyware

I have no sympathy for the consumers of Solid Oak as discussed, if that is the right word, in the well circulated Chloe Albanesius article dramatically entitled “Update: Symantec Screwup Is ‘Worse Than Any Virus.’”

Yes. Let’s be as sensational as possible far beyond the point of legitimacy. Good plan, Chloe. I’m sure your frothing editors at whatever brand of Ziff Davis are very happy.

If you have read this article and don’t understand what I mean when I say that the customers have it wrong to deploy spyware to police their systems, please allow me to explain. If you are deploying the cliche-named cybersitter or snoopstick, of course they should be detected and disabled by default. They are spyware and have the same behaviors as other spyware.

Institutions intending to control the content of web and other internet traffic need to have a captive portal approach with content management or they will fail. Treating the workstation as a trusted resource, in nearly all cases, is a mistake. Unless a lot of time and effort is spent on its deployment, using technology that has been developed for this purpose, it is always going to be a piecemeal and fault-prone solution.

To get a handle on network traffic, you must take steps to secure your network and not focus on the weakest link that is the workstation. Instead, institutional consumers would be best served by looking into proxies that provide content management to control website destinations, malware scanning, and allowed application traffic.

Politics in system security

I’m surprised that some of these behaviors that I mentioned a year ago haven’t changed.

Yesterday many Apple users were installing a system security update. Depending on what article you read, this was either a really huge deal involving “monsters” and giant failures or a snoozefest of local vulnerabilities and not much of an issue at all, except for the issue with Preview.

What seems clear is that a lot of people take Apple super seriously. I’m pretty unclear on why.

I understand why my kool-aid drinking friends at The Empire are down on Apple. It comes with the territory. What I don't understand is why some of the more level headed open source coders freak out about it. These vulns are largely local exploits in open source code. OSX threat vectors do not currently involve:

  • usb autorooters
  • cdrom pwnkits
  • real self-propagating malware (yet)

Apple definitely has some interns writing code over there, and it has shown on occasion, but I still think they're ahead of the pack. Most of the complaints when the SANS FUD was brought up surrounded “well, Mac users are clueless,” which is generally a valid point when it comes to common good practices. After all, types like me are always going to be in the minority. Why? Because people should not have to be hotshot information security experts to read their email or buy a book online.

Even though the drum is being thumped as much as possible trying to express “look! they're just as bad as we are or maybe worse!”, it isn't playing out if you understand that open source software is easier to audit than proprietary software that needs to be beaten on with fuzzers to prospect for quantitative results. Historically, every high or medium exposure will have malcode floating around in short order for Windows. So far it's not easy enough to weaponize, or just not worth the trouble of doing so, for OSX.

I feel more comfortable about a fast disclosure and remediation cycle than a secret one where patches are only issued if there is exploit code in the wild and it can’t wait for the next service pack release to quietly fix the problems without attention from the nerdly public. It is a more honest and forthright policy which leads to building trust and more meaningful risk forecasting.

I think everyone that has been in my industry for a while has many examples of where embarrassing flaws and proof of concept code have shown that what had been labeled as “purely theoretical” or “just an IPv6 bug” was anything but. Remember these lessons in your travels forward. Especially when companies like Cisco are going to put a bunch of features in IOS after unifying their target platform for heap overflows after denying their existence.

The more things change, the more they seem to stay the same in this game.

Bruce Schneier Facts

It is always great when people make old memes new again. Like the Chuck Norris Facts morphing into a way more entertaining Bruce Schneier meme.

I guess someone noticed that the beard was a fit, so now some guys in the UK are selling these shirts and providing an endless amount of Bruce Schneier Facts.

These guys are hilariously awesome.

A new hobby of mine

I’ve decided that I, as a relatively new resident of Washington State, will start filing formal complaints with the state Attorney General’s office (using this form here) for those companies who have harvested or purchased my contact information.

I've been doing some of my own work in email marketing on behalf of one of my clients. One example is that they wanted to target specific locales and a specified surrounding radius with a given client list.

Reputable businesses take steps to police themselves so as not to enable spammers to get their services blacklisted and to not get called onto the carpet for enabling CAN-SPAM violators. Either of these could endanger their business.

What I have learned in particular is how the trade now has to be very explicit about not purchasing lists, validating that their consumers have opt-in, and having a management system to remove those that have lost interest. If they do not do these things, they risk financial hardship.

The FCC maintains a more optimized information page about what you can do to report violations, what information you should include in your complaint, and also what state agencies you can additionally inform.

Perhaps the upcoming do not track service will follow a similar vein. (Wired article here)

If something bothers you, do something about it. In this case, I’m making a real world dollar impact to the pockets of those who are selling my information without my consent and those who sell them services.

Arrival of the N95

As any proper geek should, I now have configured my new hardware to closely integrate into my life.

Most of it was quite straightforward, but there were a couple of snags worth mentioning.

First is the Nokia Lifeblog software. You need to know the correct settings for things like Flickr and WordPress.

Second, N95 support is absent from Apple iSync by default. You will need to grab the plugin installer from Nokia here. It is cool that Nokia is supporting their products in this way. This is a fairly new development as this was not the case just a little while ago.

HSDPA speeds are respectable even via bluetooth tether:


Also of interest is that Twango, which has been acquired by Nokia for the purpose of providing a platform for their phones' customers to better distribute rich content, has a license that does not make a grab for ownership (bold theirs):

License You Provide to Twango

Twango does not claim ownership in your content and your posting of content to Twango’s Service does not transfer any ownership rights in the content to Twango. Twango provides content sharing services, and by using this Service, you hereby grant a license to Twango in the content you post, which aids Twango in providing its Service. The license you grant to Twango is a worldwide license to use, copy, perform, display, and distribute the content you provide (including any commentary or electronic files of any type), and to prepare derivative works of, or incorporate into other works, your content. The license you provide to Twango is non-exclusive (that is, you can still license your content to other parties), fully paid, royalty-free, perpetual and irrevocable and you agree to allow Twango to grant and authorize sublicenses under the license (in other words, Twango can sublicense the content to others under the license you provide to Twango, but Twango will only do so to promote and provide its Service, such as, for example, to other parties that aid Twango in delivering the content electronically over networks). Twango will only use the content in the course of providing or promoting Twango’s Service.

How rare! Because of this I will give them a try if only to email people embedded links to random mobile-videos. Done like so.

Web2.0 and history recurring

It is a new Web 2.0 economy! All the rules have changed!

Yeah. Sure they have. Right.

It’s the same shell game of no revenue that everyone has played before. Actually, I think it’s a little worse this time.

It is worse because companies like Google, and everyone else because of them, are over-valued in the extreme.

These companies can buy other companies by issuing more stock; they are printing the currency that is used to buy other companies. They better act quickly because their value will not last forever.

Add to this the suspension of disbelief that you don’t need to make money to be in business. That the wings of never ending VC investment, or the deep pockets of someone else, will keep your office lights on and you in beer to drink while making your podcasts. While you ramble on about whatever was a meme on the internet that week.

If you’re browsing around for 20 hours a week reading blogs, are you getting any work done?

Some of these businesses have a shot if they are adding a level of efficiency over other carrier solutions. Take for example twitter vs sms as a platform replacement. Most, though, are sitting around and hoping that one of the big dogs will give them a crate of stock certificates for their cute (hastily developed and full of vulnerabilities) web application, which they built with other people's money, people who want their investment returned.

So before the next tech stock apocalypse, I would urge you, dear reader, to think about the following mindsets and how incompatible they are in practice and concept.

First, Craigslist.

Chief exec of Craigslist, Jim Buckmaster, is in the news frequently. Mostly because he doesn’t want to cash in on his community. Why doesn’t he want to do this? I’m sure that he does actually believe that offering a service to people for the good of the community is his primary mission. It is not a means to an end, but an end. That should be kept in mind when attempting to appeal to your culturally-entrenched audience. I submit to you in addition that it would kill, or at least dramatically decline, the website’s rate of growth. Unlike Google, Craigslist does not have to placate hordes of investors. They can do what they want for real instead of a “do no evil” vague clause which will, as we all know, go away as soon as push comes to shove.

Don’t believe it? Just wait and see.

Second, Facebook.

Facebook began as one man at Harvard cataloging his conquests of fellow student bodies. Now, based on creating a userbase before cashing in, they are in an interesting market position to compete with Google.

Allow me to explain by way of another Web 2.0 startup company that’s burning venture, Yelp.

Some time ago, I noticed that Yelp listings of restaurants were no longer coming up in Google maps searches. Yelp and Google had a falling out of some kind and Yelp’s growth and visibility dropped dramatically. Valleywag put it as a “battle in the streets” in their usual overly dramatic way. What is a website founder to do to replace the amount of traffic that comes up from Google Maps and search results? Is there any other way?

In fact, yes. There is something that can be done. You can open your API and use Beacons to spread more content without the use of search engines. Remember that Beacons opt you in by default and that you must explicitly deny interaction. I find this behavior morally objectionable and, more importantly, customer alienating. It is already regulated in Japan and EU countries, and will very likely be here in the United States as well.

I have started calling this practice of non-opt-in website-to-website trade of user information data promiscuity. Based on the terms of service of nearly all of these leading providers of cute web stuff, it is only getting started. Apparently some are calling it Hyper Targeting. Does “hyper targeting” mean anything to you? It sounds like sales babble to me. If you’ll notice, this is intentional with no attention given to preserving ownership.

I mention this because, as consumers will begin to notice eventually, as I touched on in a past entry, they can pull the plug at any time by moving their content, of which they do retain ownership rights, to another site that will not be so promiscuous with their data. This is what Lessig closed with in his indirect Creative Commons pitch at his oddly choreographed talk at the University of Washington that I attended.

What is my point? Ok. Here’s my point.

The lesson that is learned repeatedly, and at great cost, by those who make capital investments in consumer-facing ventures is that the consumer can move - and do so very quickly. The same could also be said of employees, no matter how many should-be-worker-drones you have reading the how-to guide on being a disposable worker: Who Moved My Cheese?

How many other fortunes will fall before they learn the example of Craigslist in taking a longer view instead of the get-rich-fast crapshoot of the market capitalist? It will be interesting to see.

In the meantime, try to sell Google, Microsoft, or Yahoo your next startup business for a billion dollars.

Pie for the holidays

This year I went to a friend's house for Thanksgiving. Instead of going the easy way, I decided to make some pies.

Pumpkin is traditional and pecan was requested, so that’s what I prepared.

Pecan-o-riffic

I made a non-traditional pecan using this recipe to avoid using corn syrup. Why is corn syrup a problem? A little searching gave me this article as a reference for this post:

Journalist Greg Critser lays out a compelling case against high fructose corn syrup in his 2003 book, “Fat Land: How Americans Became the Fattest People in the World.” He argues that federal policies that aimed to stabilize food prices and support corn production in the 1970s led to a glut of corn and then to high fructose corn syrup. With a cheaper way to sweeten food, producers pumped up the size and amount of sweet snacks and drinks on the market and increased profits.

Critser writes that despite the food industry’s arguments that sugar is sugar, whether fructose or sucrose, no group “has yet refuted the growing scientific concern that, when all is said and done, fructose … is about the furthest thing from natural that one can imagine, let alone eat.”

Although some researchers have long been suspicious that too much fructose can cause problems, the latest case against high fructose corn syrup began in earnest a few years ago. Dr. George Bray, principal investigator of the Diabetes Prevention Program at Louisiana State University Medical Center told the International Congress on Obesity that in 1980, just after high fructose corn syrup was introduced in mass quantities, relatively stable obesity rates began to climb. By 2000, they had doubled.

Anyway. I also made a pumpkin pie which I got all extra lazy with and knocked out with canned goods, a pre-made crust, and a couple eggs.

Behold the squash puree custard majesty.

It was a great time. I learned many things. Among these is that I play Guitar Hero III much better after I’ve had a couple of cocktails to loosen up.

Amazon Kindle Launch

The media blitz over the Kindle is really excessive.

“Kindle: Amazon’s New Wireless Reading Device” (Amazon)

I think it's great that someone finally found a way for newspapers to preserve their readership, but by getting people to buy a $400 brick with EVDO where they can download books? $10 ebook downloads? I'm curious to see who is going to buy them. Offering free cellular wireless just means, I suspect, that the costs will be tacked on to the related products. I do like the idea of newspaper delivery though. So what does an annual subscription look like with the purchase of this reader, which should be obsolete in a couple of years? $450? In a couple of years, thinner color versions of these things will be deployed, as they were already prototyped in Japanese labs a couple of years ago.

Does this mean that this is really just a very expensive kite project to test the winds of the Amazon empire being the Wal-Mart of eBooks?

I admit it. I hate reading pdfs on laptops and computers. I hate it so much that I don’t do it for more than 5 minutes at a time. What did I do about it? I got myself a Sony Reader. The geeks just love ‘em. Reviews: mssv, zdnet, engadget. Actually nearly everyone (except zdnet) is reviewing the old one. I have the new one.

Complete with my info engraved into the face. It's complimentary if you order it from sonystyle.

Really you don’t need to even use the software. You dump pdfs, mp3s, and pictures onto a memory stick or the internal memory and you’re done. It sorts them by itself (or its best guess if they are improperly named) and makes them available to you to read, listen, or view.

Is it a really big deal to plug in a usb cable and drag some pdfs into a folder? I don’t think that it is.

So the Kindle seems overpriced even before you look at its functionality and their ebooks, at ten bucks a pop, are drastically overpriced. Why do you need a keyboard on a book anyway?

Here’s the real thing that slays me. RSS feeds are $1 each on the Kindle.

The Kindle also does not read PDF files.

Wow.

What an amazing service. Good luck with that and your 12 prospective customers. It’s not innovative since Sony has had the same product without wireless out for nearly three years. It’s not cost competitive.

Additional reading: